acme .sh deploy Scipt for TrueNAS Server that uses the REST API from TrueNAS.
- Authentification with API Key
- If HTTP redirect is configured, automatik switch to HTTPS
- If WebDAV Certificate is the same as Web UI Certificate, Webdav Certificate get also an updated
- If FTP Certificate is the same as Web UI Certificate, FTP Certificate get also an updated
Small changes for DSM 6:
All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params
enable_syno_token=yes must be in both the GET and POST params.
If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work.
Need to use /webapi/auth.cgi instead of /webapi/entry.cgi
Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850
This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.) HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
I have modified the following things:
Originally, "/data/assets/ssl/" is always appended to the varialbe ${_mailcow_path}. Since I use acme.sh as docker container, I only want to include the mailcow-ssl directory in the acem.sh container and not the complete mailcow directory. So now it is checked if the file generate_config.sh is in the directory (then it is the mailcow root directory, see https://github.com/mailcow/mailcow-dockerized) and only then "/data/assets/ssl/" is appended, in all other cases the passed variable is taken over unchanged.
Because of the RP mailcow/mailcow-dockerized#2443 I have extended the script with ECC certificates.
I adapted the reboot commands as described in the mailcow manual (https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#how-to-use-your-own-certificate).
This provider relies on the the python-openstackclient and
python-designateclient tools be installed and working, with
either password or application credentials loaded in your env.